Security Issue

The file is needed for the forum to know what SQL server and database to use.

The file is an ASP file, this means that if the file is requested it is parsed by the ASP.DLL and only any script output is ent to the browser.

As there is no output from this file if someone calls the file in their browser they won't be able to see the contents of this file.

The only way someone can view the contenets of this file is to hack your FTP account and download the file using FTP.

So this is not a security problem.

Thank you for your responses.

I still didn't feel comfortable just having the database information there and visible in the code, so, I added an include file which has encryption and decryption modules I wrote, and encrypted the database access variables.

So, the information is still there, but a hacker will have to get access to the SQL connection asp, plus the include file (albeit that file name is included in the SQL connection asp), and then write some code to decipher the information.

For those who may be interested (and I apologize if this is the wrong forum for this aspect of this topic) the modified code now looks like this:

%><!--#include file="functions/functions_other.asp" --><%

'Enter the details of your SQL server below
strSQLServerName = Decrypt("rrarrerrskqskqskqerrqrkrrkarknrrnrrerkrrrqrkrrkkrrnrknrrerkrkqekssrrrrks")
strSQLDBUserName = Decrypt("rrmrrnrrqknkknkknqkqsknnkqlkqsknpkqs")
strSQLDBPassword = Decrypt("kenkemknaknpkql")
strSQLDBName = Decrypt("rrqrprrrprrkrrrrrqrka")